Cédric Dufour
-
GNU/Linux System and Software Engineer

E-Mail cedric.dufour@null.ced-network.net (note)

Location CH-1860 Aigle (VD)

Nationalities Swiss / French Birthdate September 9th, 1973 Civil status Single

Languages French (mother tongue) English (fluent) German (basic)

Personal Software Projects (see my sofware or GitHub pages for further details)
Python	Universal Password Changer (UPwdChg), a Python/PHP utility to synchronize passwords between LDAP, Kerberos, Active Directory, etc. Log Watcher Daemon (logwatcherd), a simple, light-weight and modular way to watch logs for specific events and take appropriate corresponding actions.
C/C++	Qt Virtual Chart Table (QVCT), a Qt5 application for conventional chart and GPS navigation
PHP	PHP-URC, a library for designing web-based remote control interfaces
Garmin ConnectIQ	TowplaneSK, the Towplane Swiss Knife for Garmin ConnectIQ devices GliderSK, the Glider Swiss Knife for Garmin ConnectIQ devices SunAlmanac, Sunrise/Sunset data for Garmin ConnectIQ devices, along its little-brother PilotSRSS PilotAltimeter, a Pilot ICAO/ISA Altimeter for Garmin ConnectIQ devices TOTP, a TOTP (RFC6238) implementation for Garmin ConnectIQ devices
Miscelleneaous	Pi Station, an all-in-one approach to setting up a Raspberry Pi for 24/7 usage, along the Sleepy Pi power-management extension (hat) and other selected hardware, and leveraging Ansible for easy and reproducible configuration.

Professional Software Projects (Head Developer)
Linux Tooling	Simple Imager, Linux Imaging and Deployment Made Easy KiSC, K.I.S.S. Cluster manager
PHP/Symfony	Data Jukebox, a PHP/Symfony bundle which aims to provide - for common CRUD (Create-Read-Update-Delete) operations - the same level of abstraction that Symfony does for forms Data Cryptographer, a PHP/Symfony bundle which provides a cryptographer resource/service for common cryptographic operations

Exoscale (2019 - now, most recent first)
Development / Python	Entirely rewrote Exoscale Cloud-Controller Manager (CCM) acceptance tests using pytest.
Development / GoLang	Maintaining Exoscale public, GoLang-written tooling portfolio, namely: Exoscale/HashiCorp Packer Plugin, Exoscale/HashiCorp Vault Authentication Plugin, Exoscale/Kubernetes Cloud Controller Manager (CCM), etc.
Deployment / Automation	Pre-baking of Custom Templates with Packer and the Exoscale Builder plugin, along Ansible configuration and Molecule unit testing to guarantee the operational Q&A of services like Vault, Consul, Kubernetes, etc.
Security	Deployment and integration of HashiCorp Vault for the management of software stacks secrets (SSL certificates, IAM credentials, SSH keys, etc.)
Logging	New high-level events logging library, written in Python and leveraging Kafka messaging queue along Confluent's REST Proxy
Security	New internal Public Key Infrastructure (PKI), leveraging YubiKeys PIV (Applet) for personal access tokens
Web	Graceful, adaptive throttling and rate-limiting using HAProxy
Idiap Research Institute (2006 - 2019, most recent first)
Network	Upgraded the entire network infrastructure to provide 10Tb/s (Nx40GbE) core and 10GbE edge switching capacity, based on HPE/Aruba switches
Python	Migrated all in-house Python 2 resources to Python 3: Simple Imager, UPwdChg, logwatcherd, dovecot-loadbalancer
GNU/Linux / SmartCards	Set up PKI smartcards for e-mail signature/encryption as well as two-factor authentication along PAM, MIT Kerberos V (PKINIT), Apache web server - along OpenLDAP authorization - and OpenVPN.
GNU/Linux / Time-Serie Database ZFS / High-Availability	Set up InfluxDB time-serie database, on top of ZFS along DRBD and corosync+pacemaker (high-availability stack), to store a billion-odd metrics per day, gathered through GUStat and displayed thanks to Grafana.
GNU/Linux / Virtualization GPU Computation	Added GPU computation nodes to the virtualization infrastructure (~30 physical hosts, ~600 cores, ~7.5 TiB RAM, ~400'000 CUDA cores, ~1.5 TiB GPU RAM) along libvirt, PCI passthrough and K.I.S.S. Cluster (KiSC).
GNU/Linux / Virtualization High-Availability / Python	Upgraded the virtualization infrastructure (~20 physical hosts, ~500 cores, ~5 TiB RAM) to Debian/Jessie 9 along libvirt (virtualization API), corosync+pacemaker (high-availability stack) and K.I.S.S. Cluster (KiSC), our own in-house (Python-written) heterogeneous cluster management tool.
GNU/Linux	Forked and refactored apparently defunct SystemImager and SALI system imaging and (PXE) deployment stack to our own in-house Simple Imager project/solution.
PHP	Refactoring of legacy PHP4 intranet applications to PHP5/Symfony framework, along Data Jukebox Bundle and Data Cryptographer Bundle.
GNU/Linux	Migration of all computation nodes and workstations (~200 hosts) to Debian/Jessie 8 (64-bit)
GNU/Linux / Virtualization High-Availability / Network	Thorough overhaul of Idiap High-Availability Virtualization Cluster, 2nd generation (HAVC II), fullfilling the requirements for hosting 200+ virtual servers and computation nodes, distributed among 24 physical hosts
Network	Full network tolopology upgrade and VLAN renumbering along migration to new Fortinet FortiGate-800C firewall cluster and activation of Idiap IPv6 range (2001:620:7a3::/48)
GNU/Linux / Virtualization	Migration of all virtual servers (∼120 hosts) to a highly-available corosync/pacemaker+KVM/libvirt cluster, based on IBM BladeCenter (servers) and BNT Virtual Fabric (networking) hardware, and coupled with automated network boot (PXE) and image installation
Network	Upgrade and consolidation of building-wide Wireless LAN infrastructure using HP ProCurve Multi-Service Mobility (MSM) products
GNU/Linux / Storage	R'Equip project (Lustre-based high performance storage system): initial proof of concept, preliminary tests, requirements analysis, system engineering, hardware provisioning and final commissioning
GNU/Linux / Virtualization	Virtualization of all servers and services (∼100 hosts) using Linux VServer technology, along with heartbeat (high-availability)/LVS (load-balancing) and Nagios monitoring
GNU/Linux / Identity Mgmt	Consolidation and extension of the MySQL and LDAP-base identity management system to allow its integration with Eduroam and internal freeradius authentication servers as well as SwitchAAI Shibboleth single sign-on (SSO) portal (pan-academic authentication frameworks)
GNU/Linux / Workstations	Workstations packaging and deployment using network boot (PXE) and image installation
Network	Network migration to multiple VLAN-based segments along with split DNS and DHCP as well as network authentication (802.1X), OpenVPN and enhanced access control using SonicWall appliances.
PHP	Web-based applications using PHP-APE library: Idiap's Online Recruitment System, Contacts and Relations Manager, Project Management System, Network Access Manager, Project Time Accounting, etc.

Operating Systems	Linux ( debian, ubuntu )
Platforms	Intel / AMD (x86), Raspberry Pi (ARM), Arduino (AVR), Garmin (watches)
Software Engineering and Development (Linux-centric)
Stand-Alone Applications	Python, Go, C/C++, Qt, Monkey C
Web Applications/Services	PHP, Symfony, CSS, Javascript
Databases	SQL, PL/SQL (PostgreSQL)
Other	shell scripting, GIT, debian packaging, cryptography (applied)
Linux for the Cloud
Platform	Exoscale
Virtualization	QEMU/KVM, libvirt, (virtualbox)
Monitoring / Observability	prometheus, grafana
Deployment	packer, terraform, consul, docker, kubernetes, CI/CD / jenkins, github
Security	vault
Linux for the Enterprise
Network Services	DHCP / isc.org's dhcp, DNS / bind, NTP / isc.org's ntp
Authentication Services	LDAP / openldap, RADIUS / freeradius
Mail Services	SMTP / postfix, POP/IMAP / dovecot, MDA / procmail, tmda
Storage Services	NFS, SMB/CIFS / samba, ZFS / OpenZFS
Remote Access Services	SSH / openssh, VPN / openvpn, wireguard
Printing Services	IPP / cups, samba
Database Services	postgresql, mariadb, influxdb
Web Services	HTTP / apache, nginx, haproxy, SAML / shibboleth, ownCloud
High-Availability / Load-Balancing	corosync/pacemaker, drbd, LVS / linux virtual server
Monitoring / Observability	SYSLOG / syslog-ng, nagios
Deployment	PXE / simple imager, debian (packaging)
Configuration	puppet, ansible, gcfg
Security	PKI/X.509 / openssl, PKCS#15/PKCS#11 / opensc
Networking	BGP / bird, VLAN, 802.1X (EAP), IPv6, iptables

2019.07 - now

Exoscale (Lausanne, CH) - Site Reliability Engineer www.exoscale.ch Emphasis on security and Kubernetes.

2006.10 - 2019.06

Idiap Research Institute (Martigny, CH) - Software and System Engineer (employment certificate, in French) www.idiap.ch Responsible for Linux systems along network and security architecture. System engineering and administration (∼200 hosts). Network engineering and administration (∼1000 ports). Web applications development (PHP/Symfony).

2005.02 - 2006.04

VS Informatique (Martigny, CH) - IT Engineer (employment certificate, in French) www.vsinformatique.com Business customers support. New tools and services development and setup. System (Linux/Windows) and network setup, administration and troubleshooting.

2001.10 - 2005.01

Cédric Dufour / Cogito Ergo Soft (Verbier, CH) - Independent Contractor (chamber of commerce registration, in French) Web applications development. System (Linux/Windows) and network setup, administration and troubleshooting.

1999.03 - 2001.06

STAR Telecom (Geneva, CH) - Technical Manager (employment certificate, in French) STAR Telecommunication Ltd (USA)'s swiss branch setup. Technically responsible for telecommunication infrastructures (Nortel DMS-100E) operations, local network and system (Windows NT4) administration, as well as interconnection projects management; Leading a four-employee team. Software development (internal tools).

1998.02 - 1999.02

Laboratoire de Traitement du Signal - LTS (EPFL, Lausanne, CH) - Ph.D Student (recommendation letter, in French) lts5www.epfl.ch Algorithms research and software development for biomedical images processing and analysis.

2013.02

IPv6 Workshop - Frank Herberg and Alexander Gall, SWITCH (Zürich, CH) Certificate: IPv6 Basics, Deployment & Security

2011.05

Lustre Workshop - Roland Fehrenbacher and Peter Kruse, Q-Leap Networks (Ehningen, DE)

2010.08

Dynamique de gestion de projet - Georges A. Gessler (Martigny, CH)

2007.08

Software Architecture - Christian Alt, Digicomp Academy (Lausanne, CH) Attestation: Les bases d'une architecture Software (OAR) Design Patterns - Christian Alt, Digicomp Academy (Lausanne, CH) Attestation: Design orienté objets à partir des origines (ODP)

2006.12

Advanced C++ - Jack Tardy, Digicomp Academy (Lausanne, CH) Attestation: C++ Avancé (CPA)

1999	Nortel Networks DMS-100F - Nortel Training Center (Amsterdam, NL) Certifications: Technical Overview, Maintenance Part I, Maintenance Part II

1992 - 1997

Engineer in Electricity (low power) - École Polytechnique Fédérale de Lausanne (EPFL, CH) - master Specializations : electronic, electromagnetism, audio, signal processing and telecommunication Results : theoretical 8.8/10, practical 8.0/10

1988 - 1992

Scientific Diploma - Collège Claparède (Geneva, CH) - high school Results : overall 5.6/6

Windsurfing, Skiing, Martial Arts (Karate and Kobudo), Mountain Hiking Flying: Airplanes (PPL/SEP) and Gliders (SPL)